
Agility, architecture, safety: views of a system challenge.
Pitfalls and opportunities of SAFe and ISO 26262
Dr. Joachim Schlosser
Senior Manager
Elektrobit

© Elektrobit 2023
The wise men and the mysterious animal

© Elektrobit 2023 December 15, 2023 2


Three views

− Safety: ISO 26262 / IEC 61508
− Architecture
− Agile: SAFe

The actual product



Agenda

01 Safe with SAFe?
02 SAFe enablers
03 End to end workflow
04 Maturity tracking, scoping, review process
05 Collaboration with authorities and summary



Safe with SAFe?
− More than 600 million vehicles with over 5 billion embedded devices

Our software moves the world




We are Elektrobit
Your software solution partner

− 4,000 EXPERTS
− ROAD-PROVEN INNOVATION
− SAFETY & SECURITY
− PRODUCTS & SERVICES




[Why me]

Prof. Dr. Joachim Schlosser


Senior Manager, Elektrobit




Image Sources: Hochschule Augsburg, Technische Universität München, BMW AG, Wiki Commons (under LGPL), Berner & Mattner Systemtechnik GmbH, Audi AG, MathWorks
“Feature”?

“A Feature is a service that fulfills a stakeholder need. Each feature includes a benefit hypothesis and acceptance criteria and is sized or split as necessary to be delivered by a single Agile Release Train (ART) in a Program Increment (PI).”
Says SAFe [4]




SAFe enablers

SAFe enablers

Exploration Enablers
− Research
− Prototyping
− Understand customer needs
− Evaluate solution alternatives

Architectural Enablers
− Build and extend the architectural runway
− Ensure smoother / faster development (CDP)
− Address resiliency issues in deployed solutions
− Address Nonfunctional Requirements (NFRs)

Infrastructure Enablers
− Facilitate frequent integration and (CI/CD)
− Support aggressive integration cadence

Compliance Enablers
− Manage specific compliance activities
− V&V
− Audits
− Approvals
− Policy automation



Planning E2E features
3 phases

1. Enablement phase: Prerequisites that have to be fulfilled in order to even move the item to the program increment for execution
2. PI preparation phase: Same for all types of items, whether safety or not, and is described in SAFe
3. PI execution phase: Just do it.



End to end workflow

Go SAFe: E2E features – ft = UC, ft done in one PI
Ticket Structure

Use Case: UC x

1:n mapping possible to split UC work

Feature(s), type: epic
− UC x E2E Feature 1, PI_z1
− UC x E2E Feature 2, PI_z2
− UC x E2E Feature 3, PI_z3

Fixed 1:5 mapping

Work pkgs. (domains), type: story
− UCxFt2: prod. Reqs
− UCxFt2: Arc
− UCxFt2: dev
− UCxFt2: integrate
− UCxFt2: verify

Optional: Subtasks



Task oriented workflow within each domain

Handle Jira Ticket → Branch git → Update Content → Run pr verification → Merge to master

Review changes wrt target maturity

Content: docs, source code, tests, …



Workflow relation between domains

Start E2E feature (Jira Epic)

For each of the domains Req&Arc, Dev&Int and Ver&Val:
− Task oriented workflow – maturity: draft|proposed
− [provides coverage level approved]
− Task oriented workflow – maturity: approved

Feature review / config audit
Optional: system demo
Close E2E feature (Jira Epic)

Working in parallel possible
Maturity "approved" implies sequential approach



Benefits of end-to-end features

Efficiency:
− “fail fast, react fast”
− Quicker adaptations
− Facilitating decisions by CCB.

Faster time to market:
− Reduced lead time for features,
− Faster delivery to the market.

Clearer + leaner planning:
− Enhances transparency
− Streamlines planning process
− Straightforward and efficient

Alignment with SAFe planning:
− Integrates with SAFe planning structure
− Cohesive approach to development
− Harmonizes with use case-based methodology




Maturity tracking, scoping, review process

E2E feature state machine model (simplified)

States (DocStatus): Draft, Proposed, Approved, Released
Labels shown in the diagram: Qlabel: RFD, Qlabel: RFP, Qlabel: RFP, Qlabel: RFM; (QMS: Review_OK)

Transitions and changes:
− Create initial content
− Update draft content: Version (V.v) = 0.1 (no version update), informal pr review
− Propose feature content: Version = 0.2
− Review the completed content / feature: Version = V.v+1 (minor version update)
− Release the document: Version = V.v+1 (minor version update); ensure/fix the proper document scope, no unfinished features / “draft” or “proposed” sections are allowed in the final pdf version
− Do a misc change (e.g. fix typos): Version = V.v (no version update)
− Do a minor change not affecting other documents: Version = V.v+1 (minor version update)
− Do a major change OR add new feature: Version = V+1.0 (major version update)
− Fix postponed findings, hotfixes etc: Version = V.v+1 (minor version update)
− Do a major/minor change OR add new feature (chapter) after Release: Version = V+1.0 (major version update)



Slices, services, snippets

[Figure: pairs of review snippet and safety case snippet; labels: safety case slice, contribute to, Safety case module]




Maturity level state machine

Phase 1: Concept approval
− DRAFT [1]
− CNCPT_CONT_COMPLETE [2]
− CNCPT_CONT_COMPLETE [3]
− CNCPT_APPROVED [4]
Transitions: Complete concept content, Confirm concept content, Approve concept content

Phase 2: Technical approval
− TECH_CONT_COMPLETE [5]
− TECH_CONT_CONFIRMED [6]
− TECH_APPROVED [7]
Transitions: Confirm technical content, Approve technical content

Phase 3: E/E/PE System context approval
− EEPE_SYS_CNTXT_APPROVED [8]
Transition: Approve in E/E/PE system context

Other transitions shown:
− Complete technical content for concept and plans
− Complete technical content for others
− Failure or major changes within a phase 2 state



Collaboration with authorities and summary

Discuss with authorities on real artifacts

− Structured and proactive approach
− Real artifacts rather than too-early-content
− Dedicated cross-functional team




Safety, compliance, and industry trust

− Dedication to producing high-quality, certified products for our customers
− Commitment to safety, compliance, and industry trust




References

[1] J. Schlosser, A. Mattausch, M. Neukirchner, and R. Holve, "Adaption des Software-Qualitätsmanagements im Automotive-Bereich für eine Nutzung von Fremdkomponenten", in Software Engineering 2023 Workshops, I. Groher and T. Vogel, eds., Bonn: Gesellschaft für Informatik e.V., Feb. 2023, pp. 78–91. doi: 10.18420/SE2023-WS-10. Available at: http://dl.gi.de/handle/20.500.12116/40195

[2] J. Schlosser, "Das agile Paradoxon: Wenn agile Transformation zäh läuft. Pragmatische Change-Anregungen für Ihre Organisation", in Embedded Software Engineering Kongress (ESE), Würzburg: Vogel Communications Group, Dec. 2021, pp. 548–555.

[3] "ISO 26262:2018: Road Vehicles – Functional Safety. Part 1-8", International Standardization Organization, Geneva, ISO 26262:2018, Dec. 2018.

[4] R. Knaster and D. Leffingwell, SAFe distilled: SAFe 5.0: achieving business agility with the scaled agile framework. Hoboken, NJ: Addison-Wesley, 2020. Available at: https://amzn.to/48sxIpx

[5] "IEC 61508-1:2010 Functional safety of electrical/electronic/programmable electronic safety-related systems - Part 1: General requirements". International Electrotechnical Commission, Geneva, Switzerland, 2010.

[6] O. Popa, C. Mihele, C. Făgărășan, and A. Pisla, "Leadership approach towards Agile, Waterfall and Iterative implementation of the software development products", IOP Conf. Ser. Mater. Sci. Eng., vol. 1169, p. 012017, Aug. 2021, doi: 10.1088/1757-899X/1169/1/012017

[7] R. Kasauli, E. Knauss, J. Nakatumba-Nabende, and B. Kanagwa, "Agile Islands in a Waterfall Environment: Challenges and Strategies in Automotive", in Proceedings of the Evaluation and Assessment in Software Engineering, Trondheim Norway: ACM, Apr. 2020, pp. 31–40. doi: 10.1145/3383219.3383223. Available at: https://dl.acm.org/doi/10.1145/3383219.3383223

[8] "Understanding Agile Methodology & ISO 26262 Based Functional Safety", Embitel, 23 November 2020. Available at: https://www.embitel.com/blog/embedded-blog/can-agile-methodology-and-iso-26262-based-functional-safety-go-hand-in-hand

[9] "Introduction to the combined Application of Agile & Safety in Automotive Software Development", ZVEI - German Electrical and Electronic Manufacturers’ Association, Frankfurt am Main, Feb. 2021. Available at: https://www.zvei.org/presse-medien/publikationen/introduction-to-the-combined-application-of-agile-safety-in-automotive-software-development

[10] "Functional Safety in an Agile World", TÜV SÜD. Available at: https://www.tuvsud.com/en/resource-centre/stories/functional-safety-in-an-agile-world. [Accessed: 12 October 2023]

[11] "Enablers", Scaled Agile Framework. Available at: https://scaledagileframework.com/enablers/. [Accessed: 14 September 2023]

[12] D. Leffingwell, Agile software requirements: lean requirements practices for teams, programs, and the enterprise. In The Agile software development series. Upper Saddle River, NJ: Addison-Wesley, 2011. Available at: https://amzn.to/3ZlgXbE

[13] M. Fowler, "StranglerFigApplication", martinfowler.com, 29 June 2004. Available at: https://martinfowler.com/bliki/StranglerFigApplication.html

[14] J. Schlosser and J. Petersohn, "Maintaining Open-Source based Software or What is the true cost of free?", in Complete proceedings from the FISITA 2023 World Congress, Barcelona, Spain: FISITA, Sep. 2023.

[15] J. Goll, "Entwurfsprinzipien für die Konstruktion schwach gekoppelter Teilsysteme", in Entwurfsprinzipien und Konstruktionskonzepte der Softwaretechnik, Wiesbaden: Springer Fachmedien Wiesbaden, 2018, pp. 43–91. doi: 10.1007/978-3-658-20055-8_4. Available at: http://link.springer.com/10.1007/978-3-658-20055-8_4

[16] J. Schlosser, "Softwarearchitektur als Mittel der Zusammenarbeit", in Embedded Software Engineering ESE Kongress, Sindelfingen: Vogel Communications Group, Dec. 2019.

[17] Automotive SPICE Process Reference Model / Process Assessment Model, 3.1. VDA Quality Management Center, 2017.

[18] J. Spriggs, GSN - The Goal Structuring Notation: A Structured Approach to Presenting Arguments. London: Springer London, 2012. doi: 10.1007/978-1-4471-2312-5. Available at: https://link.springer.com/10.1007/978-1-4471-2312-5

[19] "ISO/IEC 5962:2021 Information technology — SPDX® Specification V2.2.1". August 2021. Available at: https://www.iso.org/standard/81870.html



Three views – what’s the shape?

Safety
Architecture

Agile



Three views – like a right circular conoid

Safety
Architecture

Agile



Dr. Joachim Schlosser

Senior Manager
Elektrobit – Our software moves the world

joachim.schlosser@elektrobit.com
elektrobit.com

